WhatdoesIS027001certificationmeantoGDPR?

We've been ISO 27001 certified since 2013. This is the highest standard for information security management, and shows just how seriously we've been taking data security, long before GDPR was first mentioned. But, just how does ISO 27001 sit alongside GDPR?

ISO 27001 is a framework for information protection that provides the means to ensure much of the protection set out in GDPR. But ISO 27001 certification alone doesn't guarantee full GDPR compliancy. There are some GDPR requirements that are not directly covered in ISO 27001, such as supporting the rights of personal data subjects: the right to be informed, the right to have their data deleted, and data portability. But, if the implementation of ISO 27001 identifies personal data as an information security asset, most of the GDPR requirements will be covered.

Being ISO 27001 certified goes a long way in providing the means to ensure this protection. It's wildly acknowledged that organisations, such as KJS We are Direct Mail, that have already implemented the standard, are at least halfway towards ensuring the protection of personal data and minimizing the risk of a leak, from which the financial impact and visibility could be catastrophic for the organisation.

We've already carried out our GDPR audit we found that many of the systems and procedures we have in place for ISO 27001 went a long way to aligning us with this new legislation. But that's probably to be expected. We've been handling data for our clients for almost 20 years. Data and information security is fundamental to our business. It's an area we have never, nor would ever, take any risks and we fully support any standards or legislation that can enhance the reputation of our industry.

Whilst not compulsory, ISO 27001 certificate does demonstrate how serious any company who goes through the rigorous procedure (and cost) of attaining the standard, takes data security.

Here's an information sheet which gives a really good and clear overview on how ISO 27001 helps comply with GDPR.